package com.hava.login.repository;

import com.hava.login.entity.User;

import java.sql.*;

/**
 * Created by yanfa on 2016/9/27.
 */
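public class Login {

    /*
     * NOTE(review): the connection settings below are compiled into the class and
     * therefore end up in source control and in every built artifact. They are kept
     * unchanged because they are public constants that other code may reference, but:
     *   - the password should be treated as exposed: rotate it and load the
     *     replacement from external configuration or a secret store at runtime;
     *   - the application connects as "root"; a dedicated account limited to
     *     SELECT on user_login would contain the damage of any query-level flaw;
     *   - DB_URL carries no transport-security options, so whether the link to the
     *     database is encrypted depends on driver/server defaults. Confirm.
     */
    public final static String JDBC_DRIVER = "com.mysql.jdbc.Driver";
    public final static String DB_URL = "jdbc:mysql://192.168.1.200/test";
    public final static String USER = "root";
    public final static String PASSWORD = "dVHJtG0T:pf*";

    /** Credential lookup; both values are bound as parameters, never spliced into the text. */
    private static final String FIND_USER_SQL =
            "SELECT * FROM user_login WHERE userName = ? AND password = ?";

    /**
     * Looks up the account matching the supplied credentials.
     *
     * <p>Earlier revisions built the statement by concatenating {@code username} and
     * {@code password} into the SQL text, which let caller-supplied input change the
     * structure of the query (SQL injection). The lookup now goes through the same
     * parameterized query as {@link #login_Strong(String, String)}.
     *
     * @param username account name supplied by the caller (untrusted)
     * @param password password supplied by the caller (untrusted)
     * @return the matching {@link User}, or {@code null} when nothing matches or the
     *         database call fails
     * @throws ClassNotFoundException if the JDBC driver class cannot be loaded
     */
    public static User login(String username, String password) throws ClassNotFoundException {
        return findUser(username, password);
    }

    /**
     * Looks up the account matching the supplied credentials with a parameterized query.
     *
     * @param username account name supplied by the caller (untrusted)
     * @param password password supplied by the caller (untrusted)
     * @return the matching {@link User}, or {@code null} when nothing matches or the
     *         database call fails
     * @throws ClassNotFoundException if the JDBC driver class cannot be loaded
     */
    public static User login_Strong(String username, String password) throws ClassNotFoundException {
        return findUser(username, password);
    }

    /**
     * Runs the parameterized credential lookup shared by both public entry points.
     *
     * <p>NOTE(review): the query compares the supplied password directly with the
     * stored column, which suggests passwords are stored unhashed. Confirm, and if
     * so move to a salted password hash (bcrypt/scrypt/argon2) verified in
     * application code.
     */
    private static User findUser(String username, String password) throws ClassNotFoundException {
        Class.forName(JDBC_DRIVER);

        // A missing credential can never authenticate; skip the round trip.
        if (username == null || password == null) {
            return null;
        }

        User user = null;
        // try-with-resources closes ResultSet, statement and connection in reverse
        // order of creation, also when an exception is thrown part-way through.
        try (Connection connection = DriverManager.getConnection(DB_URL, USER, PASSWORD);
             PreparedStatement lookup = connection.prepareStatement(FIND_USER_SQL)) {
            lookup.setString(1, username);
            lookup.setString(2, password);

            try (ResultSet rows = lookup.executeQuery()) {
                // As before, the last matching row wins if several rows match.
                while (rows.next()) {
                    user = mapRow(rows);
                }
            }
        } catch (SQLException e) {
            // Callers rely on null for "not authenticated", so the failure is reported
            // rather than rethrown. The credentials are deliberately not logged.
            System.err.println("Login query failed: " + e);
        }

        return user;
    }

    /**
     * Copies the current row into a new {@link User}. The object is returned only
     * after every column has been read, so a failure mid-row never yields a
     * half-populated user.
     */
    private static User mapRow(ResultSet row) throws SQLException {
        User mapped = new User();
        mapped.setId(row.getInt("id"));
        mapped.setUserName(row.getString("userName"));
        mapped.setSex(row.getInt("sex"));
        // NOTE(review): the stored password is copied into the returned object;
        // consider dropping it if callers do not need it.
        mapped.setPassword(row.getString("password"));
        return mapped;
    }
}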
